Critical Really Simple Security plugin flaw affects 4+ million WordPress sites

On November 14, 2024, Wordfence warned of CVE-2024-10924 (CVSS 9.8), an authentication bypass in the Really Simple Security plugin that is installed on more than 4 million WordPress sites. Really Simple Security, formerly Really Simple SSL, is a popular WordPress plugin that adds login protection, real-time vulnerability detection and two-factor authentication. If exploited, the flaw lets an unauthenticated remote attacker log in as any existing user, including an administrator, and so take full control of the site. The vulnerability was discovered by Wordfence researcher István Márton.

The root cause is improper error handling around the user check in the plugin's two-factor REST API actions: the outcome of the ‘check_login_and_get_user’ function was not handled correctly by the calling code, so a failed user check did not stop the request from proceeding. “Unfortunately, one of the features adding two-factor authentication was insecurely implemented making it possible for unauthenticated attackers to gain access to any user account, including an administrator account, with a simple request when two-factor authentication is enabled,” Márton said.
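The bug class is easier to see in code. The following is an added illustration written for this digest, not code from the Really Simple Security plugin or from Wordfence: a helper that returns either a user record or an error object, followed by a caller that ignores the error case (the vulnerable pattern) and a caller that checks it (the hardened pattern). The user table, the nonce store, the `AuthError` class and the two `skip_onboarding_*` functions are all constructed for the demo and are not the plugin's identifiers.

```php
<?php
// Added example, not plugin code. Models "improper error handling of a user
// check": the helper below can return an error object instead of a user, and
// a caller that never inspects the result authenticates whatever id the
// request supplied.

final class AuthError {
    public function __construct(public string $code, public string $message) {}
}

// Constructed user table for the demo (not real data).
const USERS = [
    1 => ['login' => 'admin',  'role' => 'administrator'],
    7 => ['login' => 'editor', 'role' => 'editor'],
];

// Constructed stand-in for a "check login and get user" helper: the user is
// returned only if the caller presents the one-time login nonce issued to
// that user id; otherwise an AuthError is returned, never thrown.
function check_login_and_get_user(int $user_id, string $nonce, array $valid_nonces): array|AuthError {
    if (!isset(USERS[$user_id])) {
        return new AuthError('invalid_user', 'Unknown user id');
    }
    if (!hash_equals((string)($valid_nonces[$user_id] ?? ''), $nonce)) {
        return new AuthError('invalid_nonce', 'Login nonce does not match');
    }
    return USERS[$user_id] + ['id' => $user_id];
}

function is_auth_error(mixed $value): bool {
    return $value instanceof AuthError;
}

// Vulnerable pattern: the helper is called, but its result is never checked.
// The function then "logs in" the id taken straight from the request, so an
// attacker who knows or guesses an id needs no valid nonce at all.
function skip_onboarding_vulnerable(array $request, array $valid_nonces): ?int {
    $user_id = (int)($request['user_id'] ?? 0);
    $nonce   = (string)($request['login_nonce'] ?? '');
    $user    = check_login_and_get_user($user_id, $nonce, $valid_nonces);
    // Missing: if (is_auth_error($user)) { return null; }
    return $user_id;   // caller establishes a session for $user_id
}

// Hardened pattern: refuse unless the check produced a user, and take the
// identity from the verified record rather than from the request body.
function skip_onboarding_fixed(array $request, array $valid_nonces): ?int {
    $user_id = (int)($request['user_id'] ?? 0);
    $nonce   = (string)($request['login_nonce'] ?? '');
    $user    = check_login_and_get_user($user_id, $nonce, $valid_nonces);
    if (is_auth_error($user) || !is_array($user) || !isset($user['id'])) {
        return null;   // no session is established
    }
    return $user['id'];
}

// Demo: only user 7 (the editor) currently holds a valid login nonce.
// The attacker's request names user 1 (admin) with a made-up nonce.
$valid_nonces = [7 => 'n0nce-issued-to-editor'];
$attack = ['user_id' => 1, 'login_nonce' => 'anything'];

var_dump(skip_onboarding_vulnerable($attack, $valid_nonces)); // request id passed through unchecked
var_dump(skip_onboarding_fixed($attack, $valid_nonces));      // rejected, nothing to log in as
```

Two things make the fixed version safe: the error object is checked before anything else happens, and the session is keyed on the identity the helper verified, not on the `user_id` the client sent. A fix that only adds the `is_auth_error()` check but still returns `$user_id` would be correct in this demo, but it leaves the request-supplied id as the source of truth, which is exactly the habit that produces this bug class.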

Ironically, this vulnerability only affects WordPress sites that have enabled “Two-Factor Authentication” in the plugin settings, a feature turned on to make accounts harder to take over. Sites that cannot update immediately can turn that setting off as a stopgap, but the only real fix is the patched release.

CVE-2024-10924 affects plugin versions 9.0.0 through 9.1.1.1 of the “free”, “Pro” and “Pro Multisite” releases. The flaw was fixed in version 9.1.2; the update was released on November 12 for the Pro versions and on November 14 for the free version.

Read more about it here.

Amazon confirms employee data was stolen after hacker claims earlier MOVEit breach

On November 11, 2024, Amazon confirmed a data breach that exposed employee information. The data was allegedly stolen from a third-party property management vendor during the May 2023 mass exploitation of MOVEit Transfer. That vulnerability, CVE-2023-34362, is a critical SQL injection flaw in MOVEit Transfer that allowed unauthenticated attackers to gain unauthorized access to vulnerable instances and the data they held; it was exploited against thousands of organizations worldwide.

The exposed Amazon data was limited to employee work contact information, such as work email addresses, desk phone numbers and building locations.

Amazon did not disclose the number of impacted employees.

A threat actor using the handle Nam3L3ss leaked over 2.8 million records containing Amazon employee data on the hacking forum BreachForums.

Read more about it here.

Interbank confirms data breach after ransom negotiations fail

Interbank, one of Peru’s leading financial institutions, has confirmed a data breach after a threat actor who hacked into its systems leaked stolen data online.

The disclosure followed a threat actor going by the moniker ‘kzoldyck’ claiming to have leaked 3.7 TB of company data. The allegedly stolen data includes account IDs, birth dates, addresses, phone numbers, email addresses and IP addresses, as well as credit card numbers with CVVs and expiry dates, bank transaction records and other sensitive information, including plaintext credentials.

Interbank announced that it had resumed its mobile and online platforms after recent outages and assured customers that their funds were not impacted by the security incident.

The threat actor claimed that Interbank refused to pay a ransom after two weeks of negotiations.

Interbank, formally known as Banco Internacional del Perú Service Holding S.A.A., is one of Peru's largest providers of financial services and has over 2 million customers.

Read more about it here.